CVE-2023-21237

Warnung

EPSS 0.7%
Veröffentlicht 28.06.2023 18:15:16
Zuletzt bearbeitet 23.10.2025 14:52:26
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version13.0

05.03.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Android Pixel Information Disclosure Vulnerability

Schwachstelle

Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.7%	0.713

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://source.android.com/security/bulletin/pixel/2023-06-01

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21237

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-21237

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-21237

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-21237

EUVD